
Risky Business #710 -- Why your corporate VPN will get you owned
06/13/23 • 62 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Fortinet 0day Groundhog Day
- CISA’s new binding directive on exposed management interfaces
- Confirmed: US intelligence buying commercially available data
- MOVEit drama rolls on
- Much, much more
This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek
- Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security
- MOVEit announces second vulnerability; Minnesota schools agency breached with original bug
- Confidential data downloaded from UK regulator Ofcom in cyberattack
- Ransomware group Clop issues extortion notice to ‘hundreds’ of victims
- Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
- CISA orders US civilian agencies to remove tools from public-facing internet
- Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive
- Microsoft says Azure outage was caused by ‘anomalous’ traffic spike
- Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive
- Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco
- U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ
- The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED
- Srsly Risky Biz: Thursday, July 29 - by Tom Uren
- National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post
- Senators say Biden administration isn’t close on overhauling surveillance law
- Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e
- North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
- North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters
- An Illinois hospital links closure to ransomware attack
- Security professional's tweet forces big change to Google email authentication | CyberScoop
- Can you trust ChatGPT’s package recommendations?
Previous Episode

Risky Business #709 -- Cl0p goes berserk with MOVEit 0day
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Russia’s FSB uncovers “NSA malware” on iPhones
- Cl0p mass harvests data from MOVEit file transfer servers
- ASD discloses a bunch of operations against ISIS, criminals
- Why China’s prepositioning is probably... prepositioning
- Much, much more
This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Russia says US hacked thousands of Apple phones in spy plot | Reuters
- Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign
- Russia wants 2 million phones with home-grown Aurora OS for use by officials
- Trusted mobile environment. The Aurora mobile operating system - Rostelecom
- Why China's Latest APT Campaign is Legitimately Worrying
- War crimes committed through cyberspace must not escape international justice, says Estonian president
- Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED
- How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News
- Australian intelligence's secret hand in bringing down the Bali bombers - ABC News
- Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter
- What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive
- metlstorm: "Great, so now I have to roll i..." - Infosec Exchange
- Dave Aitel: "@riskybusiness @chort honestly..." - Infosec Exchange
- Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica
- Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
- Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security
- Wayback Machine
- Discord Admins Hacked by Malicious Bookmarks – Krebs on Security
- Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica
- How university cybersecurity clinics can help cities fight ransomware | CyberScoop
- Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it...
Next Episode

Risky Business #711 -- Albanian authorities raid MEK camp over Iran hacks
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Albanian authorities raid MEK over Iran hacks
- Microsoft admits “Anonymous Sudan” took down its services
- US Government puts $10m bounty on CL0P
- A deeper look at the Barracuda hack campaign
- Much, much more
This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Police raid Iranian opposition camp in Albania, seize computers | AP News
- Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan
- Anonymous Sudan and Killnet strike again, target EIB
- Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop
- Hackers infect Russian-speaking gamers with fake WannaCry ransomware
- US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive
- Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter
- U.S. government says several agencies hacked as part of broader cyberattack
- Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive
- Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive
- Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant
- New DOJ unit will focus on prosecuting nation-state cybercrime
- EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’
- The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips | WIRED
- Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker
- Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian
- Bipartisan bill would protect Americans’ data from export abroad
- District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice
- I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon
- CID-FLYER-TEMPLATE
- New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop